This policy detects errors related to the Windows Internet Name Service (WINS).
The Windows Internet Name Service (WINS) maps IP addresses to NetBIOS computer names and vice versa. A security vulnerability exists in WINS.
This vulnerability exists because WINS incorrectly validates the length of specially crafted packets. An attacker who sends a series of specially crafted packets to a WINS server could cause the service to fail.
NOTE: This policy works only if event log filtering has been configured as described in the instructions below.
Download ITA W32_WINS_Service_Errors Policy
Windows NT/2000/2003/XP
Policy Rules include:
- WINS_Packet_Format_Error
This rule detects a WINS Packet Format error. Many of these errors may suggest a possible Denial of Service attack against WINS.
To configure event log filtering:
- Browse to the system folder where the ITA agent is installed.
- Locate the cols_nt.cfg file.
- Insert the following event types to be monitored:
\system\WINS
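The WINS_Packet_Format_Error rule treats many packet format errors, rather than a single one, as the sign of a possible Denial of Service attack. The following Python example is added here for illustration and is not part of the ITA policy; it applies that idea to exported event records. The line layout, the message text, and the threshold of 5 errors within 60 seconds are assumptions made for the example.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample lines: "timestamp|log|source|message". The field layout and
# message text are assumptions for this example, not real WINS event output.
SAMPLE = """\
2004-02-10 18:00:01|System|Wins|Packet format error
2004-02-10 18:00:02|System|Wins|Packet format error
2004-02-10 18:00:02|System|Wins|Service started
2004-02-10 18:00:03|System|Wins|Packet format error
2004-02-10 18:00:04|System|Wins|Packet format error
2004-02-10 18:00:05|System|Wins|Packet format error
2004-02-10 18:30:00|System|Wins|Packet format error
2004-02-10 18:45:00|System|Browser|Packet format error
"""

def packet_format_errors(text):
    """Yield timestamps of WINS packet format errors from the System log."""
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # skip malformed lines rather than failing
        stamp, log, source, message = parts
        if (log.lower(), source.lower()) != ("system", "wins"):
            continue  # other logs and sources are outside this policy
        if "packet format" in message.lower():
            yield datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")

def find_bursts(text, threshold=5, window=timedelta(seconds=60)):
    """Return (first, last, count) for each run of errors that reaches
    `threshold` events within `window`; isolated errors are ignored."""
    recent, bursts, active = deque(), [], None
    for ts in sorted(packet_format_errors(text)):
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()  # drop events that fell out of the window
        if len(recent) >= threshold:
            if active is None:
                active = [recent[0], ts, len(recent)]
                bursts.append(active)
            else:  # burst still in progress: extend it
                active[1], active[2] = ts, active[2] + 1
        else:
            active = None
    return [tuple(b) for b in bursts]

if __name__ == "__main__":
    for first, last, count in find_bursts(SAMPLE):
        print(f"possible DoS against WINS: {count} errors {first} to {last}")
```

The single error at 18:30:00 and the error from a different source are not reported; only the cluster of five errors within one minute is.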
Last modified on: Tuesday, 10-Feb-04 18:40:10